Jul 06 , 2020
June the 16th began as any other day, for me, with a strong black coffee & a seat parked in front of my computer to check my messages. It was whilst reviewing my emails I noted a text with the now infamous Encrochat message advising all Encro users the game was up.
I instantly began to get excited, because, like anyone else, I enjoy a bit of scandal however before I posted anything, I realised I had to verify the story as otherwise, it was just hysteria. Once I verified the story, I posted the now infamous article "EncroChat hacked, users exposed & arrests galore - the King is dead"
I say infamous article because whilst you may have read it once, collectively it has been read over 20,000 times - which is incredible for a piece of literature written in my boxer shorts!
If ever a story could highlight the power of Google, it is this one. Within one hour of the post being put online, we had over 200 visits. By the end of the day the website had over 2000 visits, by the end of the week we had achieved 3 months traffic in a matter of days. After Vice interviewed us we had 15,000 visitors in one day!
And, because of the hype generated by the story, we got an interview with the Daily Telegraph about the state of the Encrypted Phone Sector. The article is an interesting read & I've attached it below for you to muse. Anything written which includes your opinion & Googles boss in the same sentence can only be a good thing!
Enjoy! The full article can be found at the Daily Telegraphs website.
The booming business of encrypted tech serving the criminal underworld
For the astonished detectives, it was like "getting the keys to Aladdin's cave". Over the last few years, senior arms dealers and drug trafﬁckers across Europe had come to rely on EncroChat, a shadowy tech company selling hyper-secure smartphones offering "guaranteed anonymity".
Assured of their safety, crooks discussed products and prices in exhaustive detail, without the usual codewords. EncroChat's steep subscription fees, running to thousands of pounds every year, were an offer no self-respecting contraband logistics professional could afford to refuse.
That is why EncroChat's systematic inﬁltration by British and European police forces, ﬁnally made public on Thursday after more than 740 arrests, was an intelligence coup equal to the Enigma breakthroughs of the Second World War. One underworld insider, speaking to Vice News, was eloquent in their brevity: "People are f-----."
EncroChat is far from the only encrypted smartphone system
Yet EncroChat was only the latest of many ﬁrms to proﬁt from the patronage of rationally paranoid kingpins. Modern syndicates have far outgrown the pagers and payphones made famous by The Wire, feeding a thriving if high-turnover industry that blurs the line between legitimate privacy tech and criminal conspiracy.
"Security hardened hardware has always existed in some form," says Dr Lukasz Olejnik, an independent cybersecurity researcher who has advised the European Union and the Red Cross. "You had laptops, and you had military-grade rugged laptops...
"But recently, special boutique offers for hardened smartphones are also gaining popularity in some places, because a specialised system may be more difﬁcult to hack using standardised tools. Finding a right and trusted vendor is still tricky. Only a few come to mind – and they are not necessarily cheap...
"Such systems are not suspicious in themselves; they simply cater to users who demand and seek hardened system setups. It appears this one became very popular with a very speciﬁc user base."
There was Phantom Secure, based in Vancouver, Canada, whose chief executive Vincent Ramos was jailed last year for supplying modiﬁed BlackBerries to customers with email addresses such as "firstname.lastname@example.org" and "email@example.com", as well as the Mexican Sinaloa Cartel.
There was also MPC, allegedly controlled by gang lords who had decided to skip the middleman and hire their own tech team. Savvy move: their reported previous vendor, Ennetcom, was busted by Dutch police in 2016.
Governments around the world want to break encryption
The problem is that secured smartphones also have very legitimate uses. Mainstream tech companies such as Apple and Facebook happily trumpet their security features, while encrypted chat apps such as WhatsApp and Signal have become essential tools for politicians and ofﬁcials around the world.
Although both the British and US governments want to curb strong encryption in consumer services by inserting controversial mandatory "backdoors", it remains legal and widely used. Many parts of the global tech industry would fall to pieces without it.
Properly hardened phones do have some unusual features. EncroChat's website proudly boasted of its handsets' tamper-proof design, live customer support, remote message destruction, rapid "panic wipe" and ability to masquerade as a normal Android phone. Cameras, microphones, GPS functions and data ports were all removed. Live customer support was naturally available.
Still, phonemakers who are willing to speak to the press insist their business is reputable. One of them is Craig Buchan, a voluble 42-year-old Scott from Fraserburgh, Aberdeenshire who peppers his rapid speech with "yeah?" and "right?".
Now based in Dundee, he sells "security-enhanced phones" through his ominously-named company Omerta – and has recently been marketing to disgruntled EncroChat customers. He sounds almost offended by that ﬁrm's failure to protect its users, saying: "It's criminal!".
As he tells it, he cut his teeth "installing touch-screen casino games all over south-east Asia" and then spent ten years as an IT manager at the University of Leeds, where he used encryption to guard sensitive research projects.
"Privacy is a human right, for starters," he says. "Historically the government are not always the good guys. Russia was under Stalinist rule for ﬁfty years... I believe Encrochat probably really was the criminal's choice of phone... I refuse to believe it was exclusively used by criminals."
His customers have included journalists, high-end commercial solicitors, military contractors, "a political prisoner" and simple privacy enthusiasts. He also notes that his devices don't go far beyond what is available in ordinary smartphones, in many cases just making common features obvious or mandatory.
In this end of the industry sharp business practices are common. Buchan says he has often seen peers "bad-mouth each other" on web forums and blogs. He was once approached by a rival who claimed to have bought the rights to a well-known piece of software, offering to cut him a deal. When he contacted the software's actual makers, they had no idea what he was talking about.
Buchan does admit that, sometimes, he has sold to someone he had a "hunch" – albeit no more – might be shady. He never asks customers what they will use his phones for ("it's none of my business; people are entitled to privacy"), and in any case sells most of his devices through an online shop.
He is adamant, however, that he would not deal with someone if he had more solid reasons to think that they were involved in illegal activity, and says he takes "socially responsible steps" to limit such bad uses.
For example, he sells special Sim cards that let users mask their phone number behind another (helpful for people who run multiple businesses). When he realised that many customers were buying them speciﬁcally to simulate 0300 or 0800 numbers – probably to masquerade as bank employees – he blocked that ability. "That probably cost me three quarters of my sales," he says.
He even notes that he is politically comfortable with governments installing malware on people's phone to bypass encryption – as long as there are proper legal "checks and balances' in place . And he disavows the "appalling" advertising tactics of ﬂy-by-night competitors (one secure phone company promoted on Instagram with the slogan "snitches get stitches"). "That's just crass, disgusting," he says. "I'd like to think we've got some decorum."
But hasn't he just been advertising to EncroChat's former customers? Sure: Buchan is certain that some of them were legitimate, and suggests that it's those people he wants to reach. "Was it sailing close to the edge? Maybe. But this is what puts food on the table."
As for his company's name, Buchan acknowledges the Maﬁa connotations, saying it's a "nudge nudge, wink wink" reference to public perceptions about secure devices. Yet he also argues that the original "omertà", an Italian criminal code of silence that may be centuries old, historically sometimes meant a simple refusal to cooperate with authority – not always a bad thing in his book.
Besides, he adds, "it was a much better name than something like 'Encryptor' or 'Encryptonite'... as a brand name I think that's fantastic. It's Italian, it's fashionable, it gets
away from this geeky language that alienates people. The academics and journalists who get it, they think it's cool – it makes it sound a bit notorious."
EncroChat's downfall won't bring down the wider market
Despite the big arrests, secure phones are likely to become more common – as long as they are not regulated out of existence. There is now a booming parallel industry devoted to state-sanctioned malware, which activists allege is regularly being sold to murderous regimes.
The Israeli ﬁrm NSO has been accused of helping Mexico and Saudi Arabia spy on dissidents via its WhatsApp-busting "Pegasus" software. US police forces, now suffering a nationwide reckoning over racism and brutality, have long used portable "Stingray" and "Graykey" devices to defeat iPhone security.
A good opportunity, then, for open-minded entrepreneurs to make an entirely metaphorical killing? Maybe not, says Olejnik, who believes the business model has one fatal weakness.
"We can actually say that criminals catering to a ﬁxed system en masse is a bit bizarre," he says. "When you have a popular platform for doing nefarious things, one may expect someone would come for such a platform sooner or later.
"Whatever the guarantees, such a standard system may become a target, and it's expected that its security may be broken."
Quantum computing could be a force for good, potentially solving lots of healthcare issues and improving communications and navigation systems among many other applications.
Theoretically, it works by using a collection of small pieces of matter that when held in a state of entanglement, are able to calculate the answers to an entire problem all in one go.
That poses a risk because it could allow someone to crack encryption by generating all the possible keys that are protecting the information in hours, rather than billions of years it could take now.
In other words, any sufﬁciently successful encrypted phone business is a potential gold mine for the fuzz, just as EncroChat was.
And Craig Buchan sees another potential doom ahead. Five years or so from now he expects quantum computing – a nascent technology that could crack open modern encryption methods through sheer processing power – to become mainstream. Google boss Sundar Pichai has made the same prediction.
What will Buchan do then? "I don't know, mate!" he laughs. But perhaps, he muses, there will soon be a market for quantum-encrypted mobile phones.